EnlargeQualcomm

A billion or more Android devices are vulnerable to hacks that can turn them into spying tools by exploiting more than 400 vulnerabilities in Qualcomms Snapdragon chip, researchers reported this week.

The vulnerabilities can be exploited when a target downloads a video or other content thats rendered by the chip. Targets can also be attacked by installing malicious apps that require no permissions at all.

From there, attackers can monitor locations and listen to nearby audio in real time and exfiltrate photos and videos. Exploits also make it possible to render the phone completely unresponsive. Infections can be hidden from the operating system in a way that makes disinfecting difficult.

Snapdragon is whats known as a system on a chip that provides a host of components, such as a CPU and a graphics processor. One of the functions, known as digital signal processing, or DSP, tackles a variety of tasks, including charging abilities and video, audio, augmented reality, and other multimedia functions. Phone makers can also use DSPs to run dedicated apps that enable custom features.

New attack surface

“While DSP chips provide a relatively economical solution that allows mobile phones to provide end users with more functionality and enable innovative features—they do come with a cost,” researchers from security firm Check Point wrote in a brief report of the vulnerabilities they discovered. “These chips introduce new attack surface and weak points to these mobile devices. DSP chips are much more vulnerable to risks as they are being managed as Black Boxes since it can be very complex for anyone other than their manufacturer to review their design, functionality or code.”

Qualcomm has released a fix for the flaws, but so far it hasnt been incorporated into the Android OS or any Android device that uses Snapdragon, Check Point said. When I asked when Google might add the Qualcomm patches, a company spokesman said to check with Qualcomm. The chipmaker didnt respond to an email asking.

Check Point is withholding technical details about the vulnerabilities and how they can be exploited until fixes make their way into end-user devices. Check Point has dubbed the vulnerabilities Achilles.

In a statement, Qualcomm officials said: “Regarding the QualcRead More – Source

[contf] [contfnew]

arstechnica

[contfnewc] [contfnewc]